CVE-2016-1518
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/.
SSVC
- Decision: -
Timeline
- 2016-01-07 CVE Reserved
- 2016-03-17 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-284: Improper Access Control
References (3)
URL | Tag | Source
---|---|---
http://packetstormsecurity.com/files/136280/Grandstream-Wave-1.0.1.26-Man-In-The-Middle.html | Third Party Advisory |
http://www.securityfocus.com/archive/1/537818/100/0/threaded | Mailing List |
https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1518-insecure-provisioning.pdf | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Grandstream | Wave | <= 1.0.1.26 | android | Affected